The popular course, The Art of Exploiting Injection Flaws, will return to Black Hat Las Vegas in July 2013. The OWASP Top 10 2013 RC has retained injection flaws as the top threat to web applications. Learn advanced SQLI, as well as some new, neat and ridiculous hacks in LDAP, XPATH, XXE, HQLI, direct code injection (à la the RoR flaw) etc.

For the benefit of anyone who is not familiar with the course content, here are the topics the course covers that might be of interest:

Oracle SQLI: how to execute code, how to do priv esc from a web app, and OOB extraction might be of interest to you. Examples of Burp Pro missing SQLI. Injection in order by/group by, 2nd order injection etc.

XPATH: the stuff on XPATH is pretty awesome. I will show a new attack with which you can read not just any arbitrary XML file on the system but any file with any extension.

LDAP: some really good examples of auth bypass and a blind LDAP tool.

XXE: not too new stuff, but good pointers on where to look for these.

Direct code injection: examples of recent Ruby on Rails and other framework issues, such as expression query language injection etc.